Commit 5095e72a authored by Mark Andrews's avatar Mark Andrews

3083. [bug] NOTIFY messages were not being sent when generating

                        a NSEC3 chain incrementally. [RT #23702]
parent 653cad79
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3082. [port] strtok_r is threads only. [RT #23747]
3081. [bug] Failure of DNAME substitution did not return
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.34 2010/11/16 01:14:51 marka Exp $ */
/* $Id: named.conf,v 1.35 2011/03/21 01:02:39 marka Exp $ */
// NS2
......@@ -33,6 +33,7 @@ options {
notify yes;
dnssec-enable yes;
dnssec-validation yes;
notify-delay 1;
};
zone "." {
......@@ -95,4 +96,10 @@ zone "algroll" {
file "algroll.db.signed";
};
zone "nsec3chain-test" {
type master;
file "nsec3chain-test.db.signed";
allow-update {any;};
};
include "trusted.conf";
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.47 2011/03/05 06:35:41 marka Exp $
# $Id: sign.sh,v 1.48 2011/03/21 01:02:39 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -162,3 +162,21 @@ keynew2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $keynew1.key $keynew2.key >$zonefile
$SIGNER -P -r $RANDFILE -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
#
#
#
zone=nsec3chain-test
zonefile=nsec3chain-test.db.signed
cat > $zonefile << EOF
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
@ 10 NS ns2
@ 10 NS ns3
ns2 10 A 10.53.0.2
ns3 10 A 10.53.0.3
EOF
awk 'END { for (i = 0; i < 1000; i++)
print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> $zonefile
k=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk $zone`
k=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.45 2011/03/05 06:35:41 marka Exp $ */
/* $Id: named.conf,v 1.46 2011/03/21 01:02:39 marka Exp $ */
// NS3
......@@ -217,4 +217,10 @@ zone "split-smart.example" {
file "split-smart.example.db";
};
zone "nsec3chain-test" {
type slave;
file "nsec3chain-test.bk";
masters { 10.53.0.2; };
};
include "trusted.conf";
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.82 2011/03/05 19:39:06 each Exp $
# $Id: tests.sh,v 1.83 2011/03/21 01:02:39 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -1252,5 +1252,35 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that NOTIFY is sent at the end of NSEC3 chain generation ($n)"
ret=0
(
echo zone nsec3chain-test
echo server 10.53.0.2 5300
grep DNSKEY ns2/Knsec3chain-test.*.key |
sed -e 's/.*://' -e 's/^/update add /' -e 's/IN/300 IN/'
echo update add nsec3chain-test. 0 nsec3param 1 0 1 -
echo send
) | $NSUPDATE
for i in 1 2 3 4 5 6 7 8 9
do
$DIG $DIGOPTS nsec3param nsec3chain-test @10.53.0.2 > dig.out.ns2.test$n || ret=1
if grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null
then
break;
fi
echo "I:sleeping ...."
sleep 3
done;
grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:nsec3 chain generation not complete"; fi
sleep 3
$DIG $DIGOPTS +noauth +nodnssec soa nsec3chain-test @10.53.0.2 > dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth +nodnssec soa nsec3chain-test @10.53.0.3 > dig.out.ns3.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.597 2011/03/17 05:21:50 marka Exp $ */
/* $Id: zone.c,v 1.598 2011/03/21 01:02:39 marka Exp $ */
/*! \file */
......@@ -6285,6 +6285,7 @@ zone_nsec3chain(dns_zone_t *zone) {
LOCK_ZONE(zone);
zone_needdump(zone, DNS_DUMP_DELAY);
DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
UNLOCK_ZONE(zone);
done:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment